From 3c615b77ce6f80d6b8f7bec6d670ce0d7c3c5b49 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 4 Oct 2024 09:56:32 +0000
Subject: [PATCH] fix: files/requirements_dev.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3112177
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3112180
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3172287
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3314966
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315324
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315328
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315331
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315452
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315972
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3315975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316038
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-3316211
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5663682
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6592767
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6913422
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
---
 files/requirements_dev.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/files/requirements_dev.txt b/files/requirements_dev.txt
index 4f2ceab..60c5e06 100644
--- a/files/requirements_dev.txt
+++ b/files/requirements_dev.txt
@@ -4,7 +4,7 @@ celery>=5.1.0
 cffi>=1.14.5
 gevent>=21.12.0
 ujson>=1.35
-urllib3>=1.19 # required to avoid issues with get_url module
+urllib3>=2.2.2 # required to avoid issues with get_url module
 # - ndg-httpsclient>=0.4.2 # required to avoid issues with get_url module
 pyasn1==0.4.8
 #- six>=1.10.0  # try to fix error in dependencies with requests[security]
@@ -30,5 +30,6 @@ configobj>=5.0.6
 async_generator>=1.10
 Click>=7.1.2
 # workaround for https://git.ziirish.me/ziirish/burp-ui/-/issues/347#note_3770
-Werkzeug==2.0.2
-cryptography==36.0.2
+Werkzeug==3.0.3
+cryptography==42.0.8
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability